EUVD-2024-43129
Malicious code in bioql PyPI...
EUVD-2022-6095
Malicious code in bioql PyPI...
EUVD-2022-46028
Malicious code in bioql PyPI...
CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...
Improper Input Validation
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Improper Input Validation via the HTML entity decoding logic in the client-side PDF export pipeline. An attacker can explo...
Open Redirect
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Open Redirect via the nextpage query parameter in the post-authentication redirection flow. An attacker can exploit this...
Insertion of Sensitive Information into Log File
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of sensitive configuration data by the startresearch...
GHSA-G88P-R42R-PPP9 Repository Credentials Race Condition Crashes Argo CD Server
Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go file...
SoK: Systematic Analysis of Adversarial Threats against Deep Learning Approaches for Autonomous Anomaly Detection Systems in SDN-IoT Networks
Integrating SDN and the IoT enhances network control and flexibility. DL-based AAD systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses,...
PT-2025-40043
Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go fil...
Prototype Pollution
Overview dref is a deep object refs Affected versions of this package are vulnerable to Prototype Pollution via the lib.set function. An attacker can cause a denial of service by supplying a specially crafted payload. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype...
ExpIDS: a Drift-Adaptable Network Intrusion Detection System with Improved Explainability
Despite all the advantages associated with Network Intrusion Detection Systems (NIDSs) that utilize machine learning (ML) models, there is a significant reluctance among cyber security experts to implement these models in real-world production settings. This is primarily because of their opaque natur...
CVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...
Allocation Of Resources Without Limits
@escape.tech/graphql-armor-max-depth is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper introspection handling because when ignoreIntrospection is enabled (the default), an attacker can name a query/fragment schema to evade max-depth checks and craft...
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following...
PT-2025-48429
Name of the Vulnerable Software and Affected Versions Apache bRPC versions prior to 1.15.0 Description An issue exists in the json2pb component of Apache bRPC that can lead to a server crash. This occurs when processing deeply recursive JSON data received from a remote attacker. The root cause is...